Detecting a phishing entity in a virtual universe

ABSTRACT

An invention for detecting a phishing virtual entity in a virtual universe is disclosed. A virtual entity may be registered as authentic and be identified with multiple physical characteristics thereof. Another virtual entity will be monitored to detect whether it includes a physical characteristic that is sufficiently similar to that of a registered virtual entity to cause confusion. A phishing virtual entity is detected based on the monitoring and phishing prevention processes may be implemented on the phishing virtual entity.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.12/047,763, filed on Mar. 13, 2008, which is hereby incorporated in itsentirety.

TECHNICAL FIELD OF THE INVENTION

This invention relates generally to virtual universes, and morespecifically to detecting a fraudulent phishing entity in a virtualuniverse.

BACKGROUND OF THE INVENTION

Virtual universes or virtual worlds are computer-based simulatedenvironments intended for its users to inhabit and interact via avatars,which are graphical representations that others can see. An avatar oftentakes the form of a cartoon-like human character. An agent is a user'saccount with a virtual universe, upon which the user can build anavatar. The agent is tied to the inventory of assets the user owns.These types of virtual universes are now common in massive multiplayeronline games, such as Second Life (Second Life is a trademark of LindenResearch in the United States, other countries, or both). Avatars in thevirtual universes can do a wide range of business and/or socialactivities. Virtual universes may include other virtual entities such asa virtual store, a virtual club, an article, etc. Each virtual entityincluding an avatar is assigned with a universally unique identification(UUID) in the virtual universe.

A variety of fraudulent behaviors may be conducted in virtual universes.For example, phishing refers to a form of fraud in which an entity, suchas a website or a virtual store, masquerades as another entity by, e.g.,copying the other entity's appearance and/or other characteristics. Thegoal of the fraudulent emulation is to, e.g., lure visitors intoproviding personal or financial information, which thefraudulent/phishing entity may use for monetary gains.

SUMMARY OF THE INVENTION

In one embodiment, there is a method for detecting a phishing virtualentity in a virtual universe. In this embodiment, the method comprises:identifying a first virtual entity using characteristics of multiplephysical aspects of the first virtual entity; detecting ancharacteristic of at least one of the multiple physical aspects of asecond virtual entity; and comparing the characteristic of the secondvirtual entity with the characteristic of the first virtual entity of asame physical aspect to determine whether one of the first virtualentity or the second virtual entity is a phishing virtual entity.

In a second embodiment, there is a system for detecting a phishingvirtual entity in a virtual universe. In this embodiment, the systemcomprises: means for identifying a first virtual entity usingcharacteristics of multiple physical aspects of the first virtualentity; means for detecting an characteristic of at least one of themultiple physical aspects of a second virtual entity; and means forcomparing the characteristic of the second virtual entity with thecharacteristic of the first virtual entity of a same physical aspect todetermine whether one of the first virtual entity or the second virtualentity is a phishing virtual entity.

In a third embodiment, there is a computer program product for detectinga phishing virtual entity in a virtual universe. In this embodiment, thecomputer program product comprises computer usable program code embodiedin a computer readable medium, which when executed by a computer systemenables the computer system to: identify a first virtual entity usingcharacteristics of multiple physical aspects of the first virtualentity; detect an characteristic of at least one of the multiplephysical aspects of a second virtual entity; and compare thecharacteristic of the second virtual entity with the characteristic ofthe first virtual entity of a same physical aspect to determine whetherone of the first virtual entity or the second virtual entity is aphishing virtual entity.

In a fourth embodiment, there is a method for providing a system fordetecting a phishing virtual entity in a virtual universe. In thisembodiment, the method comprises at least one of: creating, maintaining,deploying or supporting a computer infrastructure being operable to:identify a first virtual entity using characteristics of multiplephysical aspects of the first virtual entity; detect an characteristicof at least one of the multiple physical aspects of a second virtualentity; and compare the characteristic of the second virtual entity withthe characteristic of the first virtual entity of a same physical aspectto determine whether one of the first virtual entity or the secondvirtual entity is a phishing virtual entity.

Other aspects and features of the present invention, as defined solelyby the claims, will become apparent to those ordinarily skilled in theart upon review of the following non-limited detailed description of theinvention in conjunction with the accompanying figures.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a system according to one embodiment of this invention;

FIG. 2 shows embodiments of an operation of a fraudulence detectingsystem according to the invention.

FIG. 3 shows an alternative embodiment of the operation of thefraudulence detecting system according to the invention.

FIG. 4 shows embodiments of the detail of a process of FIG. 3.

It is noted that the drawings of the invention are not to scale. Thedrawings are intended to depict only typical aspects of the invention,and therefore should not be considered as limiting the scope of theinvention. In the drawings, like numbering represents like elementsamong the drawings.

DETAILED DESCRIPTION OF THE INVENTION

The following detailed description of embodiments refers to theaccompanying drawings, which illustrate specific embodiments of theinvention. Other embodiments having different structures and operationsdo not depart from the scope of the present invention.

1. System Overview

FIG. 1 shows a block diagram of a system 10 according to an embodiment.System 10 includes a virtual world user 12, a virtual world server 14and an administration center 16. Virtual world server 14 supports avirtual universe 24 including at least one virtual region/island 26(virtual region 26 shown together with virtual universe 24) wherevirtual world user 12 may conduct activities via a virtual worldrepresentation 28 usually referred to as an avatar 28. Virtual universe24 may also include various other virtual entities 30, such a virtualstore 30. In this description, other virtual entity 30 and avatar 28 maybe generally referred to as a virtual entity 28/30, unless specificallyindicated otherwise. To this extent, in the current description, avirtual entity 28/30 refers to any virtual representation in virtualuniverse 24 including, for example, an avatar 28, a virtual place, e.g.,a virtual store, within virtual universe 24, an article in virtualuniverse 24, such as a car of avatar 28, etc. In the description herein,a virtual store is used as an example of other virtual entity 30. Avirtual store 30 may be a registered virtual store 3 OR or anunregistered virtual store 30U (registered virtual store 30R andunregistered virtual store 30U may be generally referred to as virtualstore 30). User 12 attends virtual universe 24 through a virtual worldclient/agent 32, e.g., a virtual world account established through,e.g., a personal computer communicatively coupled to virtual worldserver 14. Virtual entities 28/30 interact with one another in thevirtual activities. As is appreciated, a virtual store 30 may commitphishing activity by fraudulently emulating itself as another virtualstore 30 in exterior appearance, interior appearance, slogan, and/orstore name, etc. For example, an avatar 28 may confuse a phishingvirtual store 30 with another virtual store 30 or a virtual counterpartof a real world store as the two may have similar appearances. Theavatar 28 may perform a “transaction” with the phishing virtual store 30by providing its financial information, e.g., credit card information,to the phishing virtual store 30, which may maliciously use thefinancial information for its own monetary benefit(s).

Administration center 16 includes a fraudulence detecting system 38.Fraudulence detecting system 38 includes a registration unit 40; acharacteristic capturing unit 42; a monitoring unit 44; a comparing unit46 including a threshold setting unit 48; an implementing unit 50; and astoring unit 52. Other component(s) required for the operation offraudulence detecting system 38 may also be included as is understood inthe art.

According to an embodiment, administration center 16 may be implementedby a computer system. The computer system can comprise any generalpurpose computing article of manufacture capable of executing computerprogram code installed thereon to perform the process described herein.The computer system can also comprise any specific purpose computingarticle of manufacture comprising hardware and/or computer program codefor performing specific functions, any computing article of manufacturethat comprises a combination of specific purpose and general purposehardware/software, or the like. In each case, the program code andhardware can be created using standard programming and engineeringtechniques, respectively.

As should be appreciated, virtual world server 14 and administrationcenter 16 and components thereof may be positioned at the same physicallocation or may be at different physical locations. The interaction ofsystem 10 components will be described herein in detail.

2. Operation Methodology

An embodiment of the operation of fraudulence detecting system 38 isshown in the flow diagram of FIG. 2. Referring to FIGS. 1-2,collectively, in process S1, registration unit 40 allows a virtualentity 30, e.g., a virtual store, to register with fraudulence detectingsystem 38 as, e.g., an authentic virtual entity 30R. Upon registration,registration unit 40 may identify the registered virtual store 30R usingcharacteristics of multiple physical aspects of the registered virtualstore 30R. The advantages of using multiple physical aspects includeproviding an enlarged detecting coverage. In the description, multiplevirtual stores 30 may include a same or similar physical aspect(s),e.g., exterior appearances, and characteristic of the same physicalaspect, e.g., a specific exterior appearance represented by an exteriorgraphic, of each virtual store 30 can be compared to detect/determinetheir similarity/difference in the physical aspect. Note that morephysical characteristics that are registered/identified, the greater thepossibility of detecting a phishing virtual store 30 that emulates theregistered virtual store 30 in just a few physical aspects. Theidentified physical characteristics may include a text including textcharacter retrieved via, e.g., Optical Character Recognition (OCR)techniques, for example a slogan/in-store advertisement displayed in avirtual store 30R; dimensions (interior and/or exterior); locationcoordinates, e.g., within the virtual universe 24 grid; and/orexterior/interior appearance (i.e., graphics) of virtual store 30R. Inaddition, other information regarding the registered virtual store 30R,e.g., store name, user 12 (of the virtual store) information such as,but not limited to, identification, IP address, financial information,and/or contact information. The identified physical characteristics maybe provided by the registered virtual store 30R, or may becaptured/retrieved by characteristic capturing unit 42, or anycombination thereof. For example, characteristic capturing unit 42 maycapture graphics of multiple views of the exterior and/or the interiorof the registered virtual store 3OR to identify the registered virtualstore 30R. In capturing the graphics to identify the registered virtualstore 30R, characteristic capturing unit 42 and/or registration unit 40may use an entrance of the registered virtual store 30R as a basis for,e.g., arranging the graphics and/or calibrating the graphics. Theregistration information/identification of a registered virtual store30R may be stored by storing unit 52.

In process S2, monitoring unit 44 monitors another virtual store 30 (maybe either registered virtual store 3OR or unregistered virtual store30U) to detect physical characteristics thereof to determine potentialphishing virtual stores 30U. The monitoring may be implemented withcertain time and/or space windows/limitations. For example, monitoringunit 44 may monitor another virtual store 30 located within a presetradius of the registered authentic virtual store 30R. Monitoring unit 44may also monitor a virtual store 30 when a change in a physical aspectoccurs to the virtual store 30. Monitoring unit 44 may also monitor anunregistered virtual store 30U that applies for registration to checkwhether the monitored virtual store 30U is similar to/emulates as analready registered virtual store 30R. Monitoring unit 44 may detectcharacteristics of another virtual store 30 of the multiple physicalaspects that a registered virtual store 3OR is identified with. That is,monitoring unit 44 may coordinate with characteristic capturing unit 42to obtain/detect characteristics of a virtual store 30 of the samephysical aspects that a registered virtual store 30 is identified with.Specifically, monitoring unit 44 and characteristic capturing unit 42may obtain the characteristics of a virtual store 30 in text,dimensions, location coordinates, and/or exterior or interior graphics.Multiple views of graphics may be captured for the exterior and/orinterior of the virtual store 30. According to an embodiment, themultiple views together constitute a 360 degree view of the monitoredvirtual store 30.

In process S3, comparing unit 46 compares the physical characteristicsof a monitored virtual store 30 (e.g., an unregistered virtual store30U) with the identified characteristics of a registered virtual store30R of a same physical aspect to determine whether the monitored virtualstore 30 emulates as the registered virtual store 30R, i.e., whether themonitored virtual store 30 is a phishing virtual store. Usually aphishing virtual store does not need to be 100 percent identical to anauthentic virtual store to confuse an avatar 28 visiting the phishingvirtual store. To this extent, the comparing may be implemented with asimilarity threshold (usually less than 100% similarity). If a physicalcharacteristic of a monitored virtual store 30 is sufficiently similar,i.e., meets the similarity threshold, to the physical characteristic ofa registered authentic virtual store 30R of the same physical aspect,the monitored virtual store 30 may be determined as a phishing virtualstore. The similarity threshold may be determined based on whetherconfusion can be caused. For different physical aspects, the thresholdsmay be different as different aspects require different levels ofsimilarity to cause confusion. Threshold setting unit 48 may set (orreceive from an outside source) the similarity threshold for eachphysical aspect. In addition, the similarity threshold may be calibratedbased on empirical data regarding phishing virtual store detection. Forexample, the similarity threshold may be dynamically updated accordingto ratings received, such as by applying Bayesian or any other learningalgorithm to determine if a threshold needs to be raised or loweredbased on false negative and false positive errors, respectively. Forexample, a threshold may be automatically raised if the currentthreshold has inaccurately flagged too many virtual stores aspotentially fraudulent. For another example, a threshold may beautomatically lowered if the current threshold fails to flag sufficientvirtual stores that have been reported to be fraudulent. The amount tolower the threshold may be determined by calculating the point at whicha previously non-flagged entity may now be flagged with the revisedthreshold.

According to an embodiment, when comparing physical characteristics of amonitored (second virtual entity) virtual store 30 with a registered(first virtual entity) virtual store 30R, a viewing orientation of an(third virtual entity) avatar 28 visiting each virtual store 30 needs tobe considered because the viewing orientation affects whether thevisitor avatar 28 can be confused. For different virtual stores 30, theviewing orientation may be different. For example, an entrance of avirtual store 30 may typically be used to determine a viewingorientation of a visitor avatar 28 such that the comparing needs to bebased on the entrance of the monitored virtual store 30 and theregistered virtual store 30R. For example, an angle of view of agraphics may be determined relative to the entrance, and a front viewgraphics (i.e., a view directly in front of the entrance) may beassigned extra weight in the comparison. If multiple viewingorientations exist, graphics arranged with the multiple viewingorientations may be compared. This may therefore prevent a fraudulentvirtual store owner from, e.g., designing a primary entrance appearancethat is substantially original with an alternate entrance appearancethat is substantially similar to another virtual store.

In process S4, implementing unit 50 may invoke specified fraudresponse/prevention process(es) in the case that a monitored virtualstore 30 is determined as phishing, i.e., emulating as a registeredauthentic virtual store 30R. Any response may be implemented. Forexample, the account of the fraudulent/phishing entity may be suspended,transactions may be limited, rights may be revoked or reduced, etc.Additionally, the phishing virtual store may receive indicia indicativeof a suspected phishing, such as a large warning sign over any entrance,or a warning prompt sent to a user's virtual universe client 32 as theuser 12 approaches the virtual store.

In process S5, storing unit 52 may store the information regarding adetermined phishing virtual store for further references. For example,the UUID of the phishing virtual store may be stored with the user 12identification (ID), virtual universe account, store name, etc. Forexample, if a user 12 of the phishing virtual store applies to open anew virtual store 30 in virtual universe 24, the stored information maybe retrieved and an alert may be generated by fraudulence detectingsystem 38 regarding the phishing history/record of the user 12.

The result(s) of the detection/determination may be output toadministration center 16 and/or a user of administration center 16.

According to an alternative embodiment, as shown in FIG. 3, a real worldstore may also be registered with fraudulence detecting system 38. Inprocess S100, registration unit 40 may determine whether the storeapplying for registration is a virtual store 30 or a real world store.If the store is a virtual store 30, i.e., “Virtual”, the operationproceeds to process S101, and the subsequent processes S101-S105 may bethe same as processes S1-S5 in FIG. 2. If the store is a real worldstore, i.e., “Real”, the operation will proceed to process S110 wherethe real world store may be compared to an already registered store(virtual store 30 or real world store) to detect phishing. Either thereal store applying for registration or the already registered store maybe determined as phishing. However, in an embodiment, other conditionsbeing equal, a real world store applying for registration may be givenpreference over a registered virtual store 30R, as, e.g., the physicalcharacteristics of the real world store are more difficult to maneuverand other solutions exist to detect a fraudulent emulation of a realworld store. In process S112, it is determined whether the real worldstore applying for registration is determined as phishing in processS110. If the real world store is determined as phishing, i.e., “Yes”,the registration is refused in process S114. If the real world store isnot determined as phishing, the operation proceeds to processes S101 andS116.

In process S116, it is determined whether an already registered store isdetermined as phishing the real world store applying for registration inprocess S110. If an already registered store is determined as phishing,i.e., “Yes”, the process proceeds to process S104. If “No”, theoperation proceeds to output the determination result(s).

FIG. 4 shows the detail of process S110 according to an embodiment. Inprocess S218, characteristic capturing unit 42 obtains physicalcharacteristics of real world store applying registration similar as inprocess S2 of FIG. 2. The physical characteristics may be provided bythe real world store and be certified/approved by characteristiccapturing unit 42 or may be actually obtained by characteristiccapturing unit 42 independently.

In process S220, comparing unit 46 may compare the physicalcharacteristics of the real world store to the identified physicalcharacteristics of a registered virtual store 30R or an alreadyregistered real world store to detect phishing. The comparing may beimplemented similarly as in process S3 of FIG. 2. In addition, insub-process S222, a rule may be retrieved and applied by comparing unit46 to determine a phishing store in the case the real world storeapplying for registration is sufficiently similar (i.e., thresholds aremet) to an already registered store. For example, a rule may stipulatethat when a real world store is sufficiently similar to a registeredvirtual store 30R, the registered virtual store will be determined asphishing as a preference is given to a real world store.

In the description herein, when a real world entity (e.g., a real worldstore) applies for registration with fraudulence detecting system 38,the real world entity is treated as a virtual entity no matter whetherthe real world entity operates virtually in virtual universe 24. To thisextent, a “virtual entity” may be a real world entity applying forregistration with fraudulence detecting system 38.

3. Conclusion

While shown and described herein as a method and system for detecting aphishing virtual entity in a virtual universe, it is understood that theinvention further provides various alternative embodiments. For example,in an embodiment, the invention provides a program product stored on acomputer-readable medium, which when executed, enables a computerinfrastructure to detect a phishing virtual entity in a virtualuniverse. To this extent, the computer-readable medium includes programcode, such as fraudulence detecting system 38 (FIG. 1), which implementsthe process described herein. It is understood that the term“computer-readable medium” comprises one or more of any type of physicalembodiment of the program code. In particular, the computer-readablemedium can comprise program code embodied on one or more portablestorage articles of manufacture (e.g., a compact disc, a magnetic disk,a tape, etc.), on one or more data storage portions of a computingdevice, and/or as a data signal traveling over a network (e.g., during awired/wireless electronic distribution of the program product).

In another embodiment, the invention provides a method of providing asystem for detecting a phishing virtual entity in a virtual universe. Inthis case, a computer system, such as administration center 16 (FIG. 1),can be generated (e.g., created, deployed, maintained, having madeavailable to, supported etc.) and one or more programs/systems, e.g.,fraudulence detecting system 38 (FIG. 1), for performing the processdescribed herein can be obtained (e.g., created, purchased, used,modified, etc.) and deployed to the computer system. To this extent, thedeployment can comprise one or more of: (1) installing program code on acomputing device, such as administration center 16 (FIG. 1), from acomputer-readable medium; (2) adding one or more computing devices tothe computer system; and (3) incorporating and/or modifying one or moreexisting devices of the computer system, to enable the computer systemto perform the process described herein.

It should be appreciated that the teachings of the present inventioncould be offered as a business method on a subscription or fee basis.For example, a fraudulence detecting system 38 (FIG. 1), and a computingdevice comprising fraudulence detecting system 38 (FIG. 1) could becreated, maintained and/or deployed by a service provider that offersthe functions described herein for customers. That is, a serviceprovider could offer to provide a service to conduct a marketingactivity as described above.

As used herein, it is understood that the terms “program code” and“computer program code” are synonymous and mean any expression, in anylanguage, code or notation, of a set of instructions that cause acomputing device having an information processing capability to performa particular function either directly or after any combination of thefollowing: (a) conversion to another language, code or notation; (b)reproduction in a different material form; and/or (c) decompression. Tothis extent, program code can be embodied as one or more types ofprogram products, such as an application/software program, componentsoftware/a library of functions, an operating system, a basic I/Osystem/driver for a particular computing and/or I/O device, and thelike. Further, it is understood that the terms “component” and “system”are synonymous as used herein and represent any combination of hardwareand/or software capable of performing some function(s).

The flowcharts and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof code, which comprises one or more executable instructions forimplementing the specified logical function(s). It should also be notedthat, in some alternative implementations, the functions noted in theblocks may occur out of the order noted in the figures. For example, twoblocks shown in succession may, in fact, be executed substantiallyconcurrently, or the blocks may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each block of the block diagrams and/or flowchart illustration, andcombinations of blocks in the block diagrams and/or flowchartillustration, can be implemented by special purpose hardware-basedsystems which perform the specified functions or acts, or combinationsof special purpose hardware and computer instructions.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the invention. Asused herein, the singular forms “a”, “an” and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. It will be further understood that the terms “comprises”and/or “comprising,” when used in this specification, specify thepresence of stated features, steps, operations, elements, and/orcomponents, but do not preclude the presence or addition of one or moreother features, steps, operations, elements, components, and/or groupsthereof.

Although specific embodiments have been illustrated and describedherein, those of ordinary skill in the art appreciate that anyarrangement which is calculated to achieve the same purpose may besubstituted for the specific embodiments shown and that the inventionhas other applications in other environments. This application isintended to cover any adaptations or variations of the presentinvention. The following claims are in no way intended to limit thescope of the invention to the specific embodiments described herein.

1. A method for detecting a phishing entity in a virtual universe,comprising: identifying at least one characteristic of at least onephysical aspect of a real-world store; detecting at least onecharacteristic of at least one physical aspect of a virtual entity; andcomparing the characteristic of the virtual entity with thecharacteristic of the real-world entity of a same physical aspect todetermine whether one of the real-world entity or the virtual entity isa phishing entity that lures visitors into providing personalinformation.
 2. The method of claim 1, wherein the physical aspects ofthe virtual entity include at least one of: a text, a dimension, alocation coordinate, or a graphic.
 3. The method of claim 1, wherein theidentifying includes identifying the real-world entity using graphics ofmultiple views of at least one of an exterior or an interior of thereal-world entity.
 4. The method of claim 1, wherein the detectingincludes obtaining a 360 degree view of at least one of an exterior oran interior of the virtual entity.
 5. The method of claim 1, wherein thecomparing is based on a similarity threshold set for the same physicalaspect.
 6. The method of claim 1, wherein the comparing is based on aviewing orientation of a third entity visiting the virtual entity andthe real-world entity.
 7. The method of claim 6, wherein the viewingorientation is determined based on an entrance of the real-world entityand an entrance of the virtual entity.
 8. A system for detecting aphishing entity in a virtual universe, comprising: a computer configuredto perform the method comprising: identifying at least onecharacteristic of at least one physical aspect of a real-world store;detecting at least one characteristic of at least one physical aspect ofa virtual entity; and comparing the characteristic of the virtual entitywith the characteristic of the real-world entity of a same physicalaspect to determine whether one of the real-world entity or the virtualentity is a phishing entity that lures visitors into providing personalinformation.
 9. The system of claim 8, wherein the physical aspectsinclude at least one of: a text, a dimension, a location coordinate, ora graphic.
 10. The system of claim 9, wherein the identifying includesidentifies the real-world entity using graphics of multiple views of atleast one of an exterior or an interior of the real-world entity. 11.The system of claim 8, wherein the detecting includes obtaining a 360degree view of at least one of an exterior or an interior of the virtualentity.
 12. The system of claim 8, wherein the comparing is based on asimilarity threshold set for the same physical aspect.
 13. The system ofclaim 8, wherein the comparing is based on a viewing orientation of athird entity visiting the real-world entity and the virtual entity. 14.The system of claim 13, wherein the viewing orientation is determinedbased on an entrance of the real-world entity and an entrance of thevirtual entity.
 15. A computer program product for detecting a phishingentity in a virtual universe, comprising: computer usable program codeembodied in a computer readable tangible medium, which when executed bya computer system enables the computer system to: identify at least onecharacteristic of at least one physical aspect of a real-world store;detect at least one characteristic of at least one physical aspect of avirtual entity; and compare the characteristic of the virtual entitywith the characteristic of the real-world entity of a same physicalaspect to determine whether one of the real-world entity or the virtualentity is a phishing entity that lures visitors into providing personalinformation.
 16. The program product of claim 15, wherein the physicalaspects include at least one of: a text, a dimension, a locationcoordinate, or a graphic.
 17. The program product of claim 16, whereinthe program code is further configured to enable the computer system toidentify the real-world entity using graphics of multiple views of atleast one of an exterior or an interior of the real-world entity. 18.The program product of claim 15, wherein the program code is furtherconfigured to enable the computer system to obtain a 360 degree view ofat least one of an exterior or an interior of the virtual entity. 19.The program product of claim 15, wherein the comparing is based on asimilarity threshold set for the same physical aspect.
 20. The programproduct of claim 15, wherein the comparing is based on a viewingorientation of a third entity visiting the real-world entity and thevirtual entity.
 21. The program product of claim 20, wherein the viewingorientation is determined based on an entrance of the real-world entityand an entrance of the virtual entity.
 22. A method for providing asystem for detecting a phishing entity in a virtual universe,comprising: at least one of: creating, maintaining, deploying orsupporting a computer infrastructure being operable to: identify atleast one characteristic of at least one physical aspect of a real-worldstore; detect at least one characteristic of at least one physicalaspect of a virtual entity; and compare the characteristic of thevirtual entity with the characteristic of the real-world entity of asame physical aspect to determine whether one of the real-world entityor the virtual entity is a phishing entity that lures visitors intoproviding personal information.
 23. The method of claim 22, wherein thephysical aspects include at least one of: a text, a dimension, alocation coordinate, or a graphic.
 24. The method of claim 23, whereinthe computer infrastructure is further operable to identify thereal-world entity using graphics of multiple views of at least one of anexterior or an interior of the real-world entity and to obtain a 360degree view of at least one of an exterior or an interior of the virtualentity.
 25. The method of claim 22, wherein the comparing is based on aviewing orientation of a third entity visiting the real-world entity andthe virtual entity.